# moonscan.live — SUSPICIOUS > Beware: moonscan.live is a fake Blockchain Explorer phishing site. VirusTotal shows 0/95 detections. Check the full report for details. ## Summary PhishDestroy identifies a live phishing domain posing as a legitimate blockchain explorer to steal cryptocurrency credentials and funds. The domain moonscan.live closely mimics the authentic service Moonscan.io, a widely used Ethereum blockchain explorer, to deceive users into entering sensitive wallet information or private keys. Threat actors registered this domain on March 16, 2026, leveraging a Let’s Encrypt SSL certificate to appear legitimate. The site resolves to IP address 170.75.167.42, which is associated with multiple low-trust hosting providers and has not yet been flagged by security vendors, showing 0 detections on VirusTotal out of 95 engines. This low detection rate, combined with registration through Global Domain Group LLC—a registrar known for facilitating bulk and sometimes opaque registrations—raises significant red flags for ongoing malicious intent. This phishing site represents an immediate threat to cryptocurrency users seeking to verify transactions or explore blockchain data. The attackers rely on typosquatting and visual similarity to exploit user trust and harvest login credentials, seed phrases, or direct wallet access. While the domain has not yet been added to major blocklists or threat intelligence feeds, its recent creation and clean VirusTotal score do not indicate safety. Such domains often remain undetected for days or weeks while actively harvesting user data. The risk is currently classified as active and under investigation, with potential for rapid escalation as more victims report unauthorized access to wallets or funds. Users who visited moonscan.live should immediately revoke any connected wallet permissions, transfer remaining assets to a new wallet, and scan their devices for malware. Do not enter private keys, passwords, or recovery phrases on this site. Enable two-factor authentication on all cryptocurrency accounts and use bookmarked links to official explorers. Report any suspicious transactions or unauthorized access to your wallet provider and relevant blockchain authorities. Monitor accounts closely for signs of compromise, including unexpected transfers or balance changes. Users should also check if their browser extensions or system have been compromised, as phishing sites often deliver secondary payloads like info-stealers or remote access trojans. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-16 12:05:05 - Registrar: Global Domain Group LLC - IP: 170.75.167.42 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/eeb53ace-12f0-4062-b089-a09de69bf9c4 - PhishDestroy: https://phishdestroy.io/domain/moonscan.live/ - LLM endpoint: https://phishdestroy.io/domain/moonscan.live/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/moonscan.live/ Last updated: 2026-03-21